added IGNORE_PARAMETERS to skip testing of state/session web server parameters

2025-12-06 12:41:30 +00:00 · 2011-04-13 19:01:02 +00:00
parent 58a93c5b1f
commit 21114d1748
2 changed files with 10 additions and 0 deletions
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -44,6 +44,7 @@ from lib.core.exception import sqlmapValueException
 from lib.core.exception import sqlmapUserQuitException
 from lib.core.session import setInjection
 from lib.core.settings import EMPTY_FORM_FIELDS_REGEX
+from lib.core.settings import IGNORE_PARAMETERS
 from lib.core.settings import REFERER_ALIASES
 from lib.core.settings import USER_AGENT_ALIASES
 from lib.core.target import initTargetEnv
@@ -369,6 +370,12 @@ def start():
                            infoMsg = "skipping previously processed %s parameter '%s'" % (place, parameter)
                            logger.info(infoMsg)

+                        elif parameter.upper() in IGNORE_PARAMETERS:
+                            testSqlInj = False
+
+                            infoMsg = "ignoring %s parameter '%s'" % (place, parameter)
+                            logger.info(infoMsg)
+
                        # Avoid dinamicity test if the user provided the
                        # parameter manually
                        elif parameter in conf.testParameter or conf.realTest: